Malware Programmer Who Used Spam Botnet to Fund His College Escapes Jail

A malware developer from California has managed to avoid prison time for his participation in the botnet spam but was given a 2 year probation sentence by a Pittsburgh judge.

According to the FBI, Sean Tiernan, 29, a native of Santa Clara created and controlled a botnet that trapped over 77,000 computers infected with a malware and rented it out to others to send spam.

Mr. Tiernan was sentenced on Monday, the 30th of October but escaped punishment for accessing a computer with authorization and initiating spam messages.

According to authorities, Mr. Tiernan helped with the creation of a malicious computer program with his computer. He then programmed the malware to spread very fast throughout various social networking websites.

With the aid of the internet, Mr. Tiernan’s malware was able to communicate and receive directions from the servers, once a machine was infected. He controlled this network of infected computers and servers which formed a botnet, and with the aid of the servers, which were also previously hacked, he used this botnet to send numerous commercial email messages.

Mr. Tiernan then rented this botnet to people who were willing to use this spamming email service and made profits off them by offering to send spam on their behalf.

“Each of these computers, along with the hacked servers used to control them, necessarily were ‘protected’ computers because they were accessed over the Internet in order to be compromised without the owner’s’ consent,” the Justice Department said in a released statement.

“Several of these infected computers in Tiernan’s botnet was located in the Western District of Pennsylvania,” the statement further stated.

Mr. Tiernan was charged with a CAN-spam violation to which he confessed and pleaded guilty to in 2013. According to reports, his lawyers stated that, the nature of their client’s crime was “non-intrusive” and that a probation would be better instead of jail time.

They added that most of the earned money which were small was used to pay for “collected and associated educational and living expenses”.

Mr. Tiernan also argued that irrespective of the size of the botnet, the profits he made from the scheme was “comparatively small”.

Also, he reportedly stated that the malware used to infect over thousands of users’ computers via the social media just turned devices into proxies.

“In short, the harm caused by the scheme while real was comparatively minor,” his lawyers stated in a sentencing memorandum.

His lawyers also stated that Mr. Tiernan was following the footsteps of his father, who was a computer consultant and at a very young age, learned how to code and navigate the internet.

He, however, was involved in creation of the botnet and operated it together with some people much older than him.

“At the time that he joined the scheme, Sean did not appreciate the seriousness of what he and his co-schemers were involved in or that he could potentially land in jail,” Tiernan’s lawyers stated.

They continued by saying: “He thought (wrongly) that as long as they were not accessing private information such as banking or financial records on these computers, they were not doing anything particularly wrong.”

The malware allegedly collected the IP addresses of victims but did not steal any kind of personal and financial data neither did it extort from them.

According to a search warrant in October 2012, the botnet malware infected over 77,000 computers with the majority of the infected machines being in the Western District of Pennsylvania.

Mr. Tiernan’s arrest came back in October 2012, while he was still a student at Cal Poly after the FBI tracked down and executed a search warrant at Tiernan’s residence.

He has since then, decided to pursue a career in cybersecurity and “has been employed continuously with a well-known company in the cybersecurity sector.”

Reports from his lawyers stated that Tiernan is now enrolled in the Stanford Cyber Security Graduate Program, a well-known company in the cybersecurity sector and is working toward becoming a Certified Information Systems Security Professional (CISSP).

He is, however, the latest addition of criminals who switched up to cybersecurity after breaking the law, while still minors.